RubyGems - packetgen - Versions diffs - 2.8.7 → 3.0.0 - Mend

packetgen 2.8.7 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

checksums.yaml +4 -4
data/.rubocop.yml +0 -1
data/README.md +5 -4
data/lib/packetgen.rb +6 -12
data/lib/packetgen/capture.rb +43 -39
data/lib/packetgen/config.rb +0 -1
data/lib/packetgen/deprecation.rb +1 -1
data/lib/packetgen/header.rb +9 -9
data/lib/packetgen/header/asn1_base.rb +10 -10
data/lib/packetgen/header/base.rb +42 -101
data/lib/packetgen/header/dhcp/option.rb +5 -11
data/lib/packetgen/header/dhcpv6/duid.rb +2 -0
data/lib/packetgen/header/dhcpv6/option.rb +2 -19
data/lib/packetgen/header/dhcpv6/options.rb +7 -0
data/lib/packetgen/header/dns.rb +5 -23
data/lib/packetgen/header/dns/name.rb +1 -0
data/lib/packetgen/header/dns/qdsection.rb +1 -0
data/lib/packetgen/header/dns/question.rb +3 -7
data/lib/packetgen/header/dns/rr.rb +3 -0
data/lib/packetgen/header/dns/rrsection.rb +1 -0
data/lib/packetgen/header/dot11.rb +1 -17
data/lib/packetgen/header/dot1x.rb +1 -0
data/lib/packetgen/header/eap.rb +4 -7
data/lib/packetgen/header/eth.rb +2 -0
data/lib/packetgen/header/http/headers.rb +3 -0
data/lib/packetgen/header/http/request.rb +5 -4
data/lib/packetgen/header/http/response.rb +5 -4
data/lib/packetgen/header/icmp.rb +6 -0
data/lib/packetgen/header/icmpv6.rb +6 -0
data/lib/packetgen/header/igmpv3/mq.rb +2 -0
data/lib/packetgen/header/ip.rb +32 -30
data/lib/packetgen/header/ip/addr.rb +1 -0
data/lib/packetgen/header/ip/option.rb +23 -20
data/lib/packetgen/header/ip/options.rb +11 -24
data/lib/packetgen/header/ipv6.rb +45 -34
data/lib/packetgen/header/ipv6/addr.rb +2 -0
data/lib/packetgen/header/ipv6/hop_by_hop.rb +7 -31
data/lib/packetgen/header/mdns.rb +1 -0
data/lib/packetgen/header/mldv2/mlq.rb +2 -0
data/lib/packetgen/header/ospfv2/lsa.rb +15 -25
data/lib/packetgen/header/ospfv3/ipv6_prefix.rb +1 -1
data/lib/packetgen/header/ospfv3/lsa.rb +8 -25
data/lib/packetgen/header/snmp.rb +2 -0
data/lib/packetgen/header/tcp.rb +23 -2
data/lib/packetgen/header/tcp/option.rb +51 -52
data/lib/packetgen/header/tcp/options.rb +17 -52
data/lib/packetgen/header/tftp.rb +3 -0
data/lib/packetgen/header/udp.rb +8 -0
data/lib/packetgen/packet.rb +119 -102
data/lib/packetgen/pcapng/block.rb +4 -10
data/lib/packetgen/pcapng/epb.rb +4 -4
data/lib/packetgen/pcapng/file.rb +7 -3
data/lib/packetgen/pcapng/idb.rb +2 -2
data/lib/packetgen/pcapng/shb.rb +3 -3
data/lib/packetgen/pcapng/spb.rb +1 -8
data/lib/packetgen/pcapng/unknown_block.rb +0 -7
data/lib/packetgen/types.rb +1 -0
data/lib/packetgen/types/array.rb +73 -71
data/lib/packetgen/types/cstring.rb +1 -1
data/lib/packetgen/types/enum.rb +3 -3
data/lib/packetgen/types/fields.rb +66 -106
data/lib/packetgen/types/int.rb +9 -5
data/lib/packetgen/types/length_from.rb +45 -0
data/lib/packetgen/types/oui.rb +2 -0
data/lib/packetgen/types/string.rb +10 -16
data/lib/packetgen/types/tlv.rb +7 -15
data/lib/packetgen/utils.rb +8 -8
data/lib/packetgen/utils/arp_spoofer.rb +1 -2
data/lib/packetgen/version.rb +1 -1
metadata +3 -21
data/lib/packetgen/header/crypto.rb +0 -62
data/lib/packetgen/header/esp.rb +0 -413
data/lib/packetgen/header/ike.rb +0 -243
data/lib/packetgen/header/ike/auth.rb +0 -165
data/lib/packetgen/header/ike/cert.rb +0 -76
data/lib/packetgen/header/ike/certreq.rb +0 -66
data/lib/packetgen/header/ike/id.rb +0 -99
data/lib/packetgen/header/ike/ke.rb +0 -79
data/lib/packetgen/header/ike/nonce.rb +0 -40
data/lib/packetgen/header/ike/notify.rb +0 -176
data/lib/packetgen/header/ike/payload.rb +0 -315
data/lib/packetgen/header/ike/sa.rb +0 -561
data/lib/packetgen/header/ike/sk.rb +0 -261
data/lib/packetgen/header/ike/ts.rb +0 -270
data/lib/packetgen/header/ike/vendor_id.rb +0 -39
data/lib/packetgen/header/netbios.rb +0 -20
data/lib/packetgen/header/netbios/datagram.rb +0 -105
data/lib/packetgen/header/netbios/name.rb +0 -67
data/lib/packetgen/header/netbios/session.rb +0 -64

data/lib/packetgen/types/int.rb CHANGED Viewed

@@ -38,23 +38,26 @@ module PacketGen
       # @abstract
       # Read an Int from a binary string or an integer
-      # @param [Integer, String] value
+      # @param [Integer, #to_s] value
       # @return [self]
+      # @raise [ParseError] when reading +#to_s+ objects with abstract Int class.
       def read(value)
         @value = if value.is_a?(Integer)
                    value.to_i
-                 else
+                 elsif defined? @packstr
                    value.to_s.unpack(@packstr[@endian]).first
+                 else
+                   raise ParseError, 'Int#read is abstract and cannot read'
                  end
         self
       end
       # @abstract
       # @return [::String]
-      # @raise [StandardError] This is an abstrat method and must be redefined
+      # @raise [ParseError] This is an abstrat method and must be redefined
       def to_s
         unless defined? @packstr
-          raise StandardError, 'PacketGen::Types::Int#to_s is an abstract method'
+          raise ParseError, 'PacketGen::Types::Int#to_s is an abstract method'
         end
         [to_i].pack(@packstr[@endian])
@@ -66,6 +69,7 @@ module PacketGen
         @value || @default
       end
       alias to_human to_i
+      alias from_human value=
       # Convert Int to Float
       # @return [Float]
@@ -76,7 +80,7 @@ module PacketGen
       # Give size in bytes of self
       # @return [Integer]
       def sz
-        to_s.size
+        width
       end
     end

data/lib/packetgen/types/length_from.rb ADDED Viewed

@@ -0,0 +1,45 @@
+# coding: utf-8
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+# frozen_string_literal: true
+module PacketGen
+  module Types
+    # This module is a mixin adding +length_from+ capacity to a type.
+    # +length_from+ capacity is the capacity, for a type, to gets its
+    # length from another object.
+    # @author Sylvain Daubert
+    # @since 3.0.0
+    module LengthFrom
+      # Initialize +length from+ capacity.
+      # Should be call by extensed object's initialize.
+      # @param [Hash] options
+      # @option options [Types::Int,Proc] :length_from object or proc from which
+      #   takes length when reading
+      # @return [void]
+      def initialize_length_from(options)
+        @length_from = options[:length_from]
+      end
+      # Return a substring from +str+ of length given in another object.
+      # @param [#to_s] str
+      # @return [String]
+      def read_with_length_from(str)
+        s = PacketGen.force_binary(str.to_s)
+        str_end = case @length_from
+                  when Types::Int
+                    @length_from.to_i
+                  when Proc
+                    @length_from.call
+                  else
+                    s.size
+                  end
+        str_end = 0 if str_end < 0
+        s[0, str_end]
+      end
+    end
+  end
+end

data/lib/packetgen/types/oui.rb CHANGED Viewed

@@ -29,8 +29,10 @@ module PacketGen
       # @return [OUI] self
       def from_human(str)
         return self if str.nil?
         bytes = str.split(/:/)
         raise ArgumentError, 'not a OUI' unless bytes.size == 3
         self[:b2].read(bytes[0].to_i(16))
         self[:b1].read(bytes[1].to_i(16))
         self[:b0].read(bytes[2].to_i(16))

data/lib/packetgen/types/string.rb CHANGED Viewed

@@ -12,39 +12,33 @@ module PacketGen
     # to be compatible with others {Types}.
     # @author Sylvain Daubert
     class String < ::String
+      include LengthFrom
+      # @return [Integer]
+      attr_reader :static_length
       # @param [Hash] options
       # @option options [Types::Int,Proc] :length_from object or proc from which
       #   takes length when reading
       # @option options [Integer] :static_length set a static length for this string
       def initialize(options={})
         super()
-        @length_from = options[:length_from]
+        initialize_length_from(options)
         @static_length = options[:static_length]
       end
       # @param [::String] str
       # @return [String] self
       def read(str)
-        s = str.to_s
-        str_end = case @length_from
-                  when Types::Int
-                    @length_from.to_i
-                  when Proc
-                    @length_from.call
-                  else
-                    if @static_length.is_a? Integer
-                      @static_length
-                    else
-                      s.size
-                    end
-                  end
-        str_end = 0 if str_end < 0
-        self.replace(s[0, str_end])
+        s = read_with_length_from(str)
+        s = s[0, static_length] if static_length
+        self.replace(s)
         self
       end
       alias sz length
       alias to_human to_s
+      alias from_human read
     end
   end
 end

data/lib/packetgen/types/tlv.rb CHANGED Viewed

@@ -75,6 +75,8 @@ module PacketGen
       # @private
       alias old_type= type=
+      undef type=, value=, value
       # Set type
       # @param [::String,Integer] val
       # @return [Integer]
@@ -86,8 +88,10 @@ module PacketGen
           self.old_type = val
         else
           raise TypeError, 'need an Integer' unless human_types?
           new_val = self.class::TYPES.key(val.to_s)
           raise ArgumentError, "unknown #{val} type" if new_val.nil?
           self.old_type = new_val
         end
       end
@@ -96,27 +100,15 @@ module PacketGen
       # @param [::String,Integer] val
       # @return [::String,Integer]
       def value=(val)
-        if self[:value].respond_to? :from_human
-          self[:value].from_human val
-        elsif self[:value].is_a? Types::Int
-          self[:value].value = val
-        else
-          self.length = val.length if val.is_a? ::String
-          self[:value].read val
-        end
+        self[:value].from_human val
+        self.length = self[:value].sz
         val
       end
       # Get +value+
       # @return [Object] depend on +value+ type
       def value
-        if self[:value].respond_to? :to_human
-          self[:value].to_human
-        elsif self[:value].is_a? Types::Int
-          self[:value].to_i
-        else
-          self[:value]
-        end
+        self[:value].to_human
       end
       # Return human readable type, if TYPES is defined

data/lib/packetgen/utils.rb CHANGED Viewed

@@ -42,6 +42,7 @@ module PacketGen
     # @option options [Integer] :timeout timeout in seconds before stopping
     #   request. Default to 2.
     # @return [String,nil]
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.arp(ipaddr, options={})
       unless options[:no_cache]
         local_cache = self.arp_cache
@@ -65,6 +66,7 @@ module PacketGen
       cap_thread.join
       return if capture.packets.empty?
       capture.packets.each do |pkt|
         break pkt.arp.sha.to_s if pkt.arp.spa.to_s == ipaddr
       end
@@ -85,6 +87,7 @@ module PacketGen
     # @option options [String] :iface interface to use. Default to
     #   {PacketGen.default_iface}
     # @return [void]
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.arp_spoof(target_ip, spoofed_ip, options={})
       interval = options[:interval] || 1.0
       as = ARPSpoofer.new(timeout: options[:for_seconds], interval: interval,
@@ -119,6 +122,7 @@ module PacketGen
     #     pkt
     #   end
     # @since 2.2.0
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.mitm(target1, target2, options={})
       options = { iface: PacketGen.default_iface }.merge(options)
@@ -144,14 +148,10 @@ module PacketGen
         iph = modified_pkt.ip
         l2 = modified_pkt.is?('Dot11') ? modified_pkt.dot11 : modified_pkt.eth
-        if (iph.dst != my_ip) && (iph.src != my_ip)
-          if (iph.src == target1)  || (iph.dst == target2)
-            l2.dst = mac2
-          elsif (iph.src == target2) ||(iph.dst == target1)
-            l2.dst = mac1
-          else
-            next
-          end
+        if (iph.src == target1) || (iph.dst == target2)
+          l2.dst = mac2
+        elsif (iph.src == target2) || (iph.dst == target1)
+          l2.dst = mac1
         else
           next
         end

data/lib/packetgen/utils/arp_spoofer.rb CHANGED Viewed

@@ -5,8 +5,6 @@
 # frozen_string_literal: true
-require 'thread'
 module PacketGen
   module Utils
     # @note This class is provided for test purpose.
@@ -117,6 +115,7 @@ module PacketGen
       # @return [Boolean,nil]
       def active?(target_ip)
         return unless @targets.key?(target_ip)
         @targets[target_ip][:active]
       end

data/lib/packetgen/version.rb CHANGED Viewed

@@ -10,5 +10,5 @@
 # @author Sylvain Daubert
 module PacketGen
   # PacketGen version
-  VERSION = '2.8.7'
+  VERSION = '3.0.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packetgen
 version: !ruby/object:Gem::Version
-  version: 2.8.7
+  version: 3.0.0
 platform: ruby
 authors:
 - Sylvain Daubert
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-18 00:00:00.000000000 Z
+date: 2018-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: interfacez
@@ -153,7 +153,6 @@ files:
 - lib/packetgen/header/asn1_base.rb
 - lib/packetgen/header/base.rb
 - lib/packetgen/header/bootp.rb
-- lib/packetgen/header/crypto.rb
 - lib/packetgen/header/dhcp.rb
 - lib/packetgen/header/dhcp/option.rb
 - lib/packetgen/header/dhcp/options.rb
@@ -183,7 +182,6 @@ files:
 - lib/packetgen/header/eap/md5.rb
 - lib/packetgen/header/eap/tls.rb
 - lib/packetgen/header/eap/ttls.rb
-- lib/packetgen/header/esp.rb
 - lib/packetgen/header/eth.rb
 - lib/packetgen/header/gre.rb
 - lib/packetgen/header/http.rb
@@ -198,19 +196,6 @@ files:
 - lib/packetgen/header/igmpv3/group_record.rb
 - lib/packetgen/header/igmpv3/mq.rb
 - lib/packetgen/header/igmpv3/mr.rb
-- lib/packetgen/header/ike.rb
-- lib/packetgen/header/ike/auth.rb
-- lib/packetgen/header/ike/cert.rb
-- lib/packetgen/header/ike/certreq.rb
-- lib/packetgen/header/ike/id.rb
-- lib/packetgen/header/ike/ke.rb
-- lib/packetgen/header/ike/nonce.rb
-- lib/packetgen/header/ike/notify.rb
-- lib/packetgen/header/ike/payload.rb
-- lib/packetgen/header/ike/sa.rb
-- lib/packetgen/header/ike/sk.rb
-- lib/packetgen/header/ike/ts.rb
-- lib/packetgen/header/ike/vendor_id.rb
 - lib/packetgen/header/ip.rb
 - lib/packetgen/header/ip/addr.rb
 - lib/packetgen/header/ip/option.rb
@@ -226,10 +211,6 @@ files:
 - lib/packetgen/header/mldv2/mcast_address_record.rb
 - lib/packetgen/header/mldv2/mlq.rb
 - lib/packetgen/header/mldv2/mlr.rb
-- lib/packetgen/header/netbios.rb
-- lib/packetgen/header/netbios/datagram.rb
-- lib/packetgen/header/netbios/name.rb
-- lib/packetgen/header/netbios/session.rb
 - lib/packetgen/header/ospfv2.rb
 - lib/packetgen/header/ospfv2/db_description.rb
 - lib/packetgen/header/ospfv2/hello.rb
@@ -271,6 +252,7 @@ files:
 - lib/packetgen/types/fields.rb
 - lib/packetgen/types/int.rb
 - lib/packetgen/types/int_string.rb
+- lib/packetgen/types/length_from.rb
 - lib/packetgen/types/oui.rb
 - lib/packetgen/types/string.rb
 - lib/packetgen/types/tlv.rb

data/lib/packetgen/header/crypto.rb DELETED Viewed

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-module PacketGen
-  module Header
-    # Mixin for cryptographic classes
-    # @api private
-    # @author Sylvain Daubert
-    module Crypto
-      # Cryptographic error
-      class Error < PacketGen::Error; end
-      # Register cryptographic modes
-      # @param [OpenSSL::Cipher] conf
-      # @param [OpenSSL::HMAC] intg
-      # @return [void]
-      def set_crypto(conf, intg)
-        @conf = conf
-        @intg = intg
-        return unless conf.authenticated?
-        # #auth_tag_len only supported from ruby 2.4.0
-        @conf.auth_tag_len = @trunc if @conf.respond_to? :auth_tag_len
-      end
-      # Get confidentiality mode name
-      # @return [String]
-      def confidentiality_mode
-        mode = @conf.name.match(/-([^-]*)$/)[1]
-        raise Error, 'unknown cipher mode' if mode.nil?
-        mode.downcase
-      end
-      # Say if crypto modes permit authentication
-      # @return [Boolean]
-      def authenticated?
-        @conf.authenticated? || !@intg.nil?
-      end
-      def authenticate!
-        @conf.final
-        if @intg
-          @intg.update @esn.to_s if @esn
-          @intg.digest[0, @icv_length] == @icv
-        else
-          true
-        end
-      rescue OpenSSL::Cipher::CipherError
-        false
-      end
-      def encipher(data)
-        enciphered_data = @conf.update(data)
-        @intg.update(enciphered_data) if @intg
-        enciphered_data
-      end
-      def decipher(data)
-        @intg.update(data) if @intg
-        @conf.update(data)
-      end
-    end
-  end
-end

data/lib/packetgen/header/esp.rb DELETED Viewed

@@ -1,413 +0,0 @@
-# This file is part of PacketGen
-# See https://github.com/sdaubert/packetgen for more informations
-# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
-# This program is published under MIT license.
-# frozen_string_literal: true
-module PacketGen
-  module Header
-    # A ESP header consists of:
-    # * a Security Parameters Index (#{spi}, {Types::Int32} type),
-    # * a Sequence Number ({#sn}, +Int32+ type),
-    # * a {#body} (variable length),
-    # * an optional TFC padding ({#tfc}, variable length),
-    # * an optional {#padding} (to align ESP on 32-bit boundary, variable length),
-    # * a {#pad_length} ({Types::Int8}),
-    # * a Next header field ({#next}, +Int8+),
-    # * and an optional Integrity Check Value ({#icv}, variable length).
-    #
-    # == Create an ESP header
-    #  # standalone
-    #  esp = PacketGen::Header::ESP.new
-    #  # in a packet
-    #  pkt = PacketGen.gen('IP').add('ESP')
-    #  # access to ESP header
-    #  pkt.esp   # => PacketGen::Header::ESP
-    #
-    # == Examples
-    # === Create an enciphered UDP packet (ESP transport mode), using CBC mode
-    #  icmp = PacketGen.gen('IP', src: '192.168.1.1', dst: '192.168.2.1').
-    #                   add('ESP', spi: 0xff456e01, sn: 12345678).
-    #                   add('UDP', dport: 4567, sport: 45362, body 'abcdef')
-    #  cipher = OpenSSL::Cipher.new('aes-128-cbc')
-    #  cipher.encrypt
-    #  cipher.key = 16bytes_key
-    #  iv = 16bytes_iv
-    #  esp.esp.encrypt! cipher, iv
-    #
-    # === Create a ESP packet tunneling a UDP one, using GCM combined mode
-    #  # create inner UDP packet
-    #  icmp = PacketGen.gen('IP', src: '192.168.1.1', dst: '192.168.2.1').
-    #                   add('UDP', dport: 4567, sport: 45362, body 'abcdef')
-    #
-    #  # create outer ESP packet
-    #  esp = PacketGen.gen('IP', src '198.76.54.32', dst: '1.2.3.4').add('ESP')
-    #  esp.esp.spi = 0x87654321
-    #  esp.esp.sn  = 0x123
-    #  esp.esp.icv_length = 16
-    #  # encapsulate ICMP packet in ESP one
-    #  esp.encapsulate icmp
-    #
-    #  # encrypt ESP payload
-    #  cipher = OpenSSL::Cipher.new('aes-128-gcm')
-    #  cipher.encrypt
-    #  cipher.key = 16bytes_key
-    #  iv = 8bytes_iv
-    #  esp.esp.encrypt! cipher, iv, salt: 4bytes_gcm_salt
-    #
-    # === Decrypt a ESP packet using CBC mode and HMAC-SHA-256
-    #  cipher = OpenSSL::Cipher.new('aes-128-cbc')
-    #  cipher.decrypt
-    #  cipher.key = 16bytes_key
-    #
-    #  hmac = OpenSSL::HMAC.new(hmac_key, OpenSSL::Digest::SHA256.new)
-    #
-    #  pkt.esp.decrypt! cipher, intmode: hmac    # => true if ICV check OK
-    # @author Sylvain Daubert
-    # @since 1.2.0
-    class ESP < Base
-      include Crypto
-      # IP protocol number for ESP
-      IP_PROTOCOL = 50
-      # Well-known UDP port for ESP
-      UDP_PORT = 4500
-      # @!attribute spi
-      #  32-bit Security Parameter Index
-      #  @return [Integer]
-      define_field :spi, Types::Int32
-      # @!attribute sn
-      #  32-bit Sequence Number
-      #  @return [Integer]
-      define_field :sn, Types::Int32
-      # @!attribute body
-      #  @return [Types::String,Header::Base]
-      define_field :body, Types::String
-      # @!attribute tfc
-      #  Traffic Flow Confidentiality padding
-      #  @return [Types::String,Header::Base]
-      define_field :tfc, Types::String
-      # @!attribute padding
-      #  ESP padding
-      #  @return [Types::String,Header::Base]
-      define_field :padding, Types::String
-      # @!attribute pad_length
-      #  8-bit padding length
-      #  @return [Integer]
-      define_field :pad_length, Types::Int8
-      # @!attribute next
-      #  8-bit next protocol value
-      #  @return [Integer]
-      define_field :next, Types::Int8
-      # @!attribute icv
-      #  Integrity Check Value
-      #  @return [Types::String,Header::Base]
-      define_field :icv, Types::String
-      # ICV (Integrity Check Value) length
-      # @return [Integer]
-      attr_accessor :icv_length
-      # @param [Hash] options
-      # @option options [Integer] :icv_length ICV length
-      # @option options [Integer] :spi Security Parameters Index
-      # @option options [Integer] :sn Sequence Number
-      # @option options [::String] :body ESP payload data
-      # @option options [::String] :tfc Traffic Flow Confidentiality, random padding
-      #    up to MTU
-      # @option options [::String] :padding ESP padding to align ESP on 32-bit
-      #    boundary
-      # @option options [Integer] :pad_length padding length
-      # @option options [Integer] :next Next Header field
-      # @option options [::String] :icv Integrity Check Value
-      def initialize(options={})
-        @icv_length = options[:icv_length] || 0
-        super
-      end
-      # Read a ESP packet from string.
-      #
-      # {#padding} and {#tfc} are not set as they are enciphered (impossible
-      # to guess their respective size). {#pad_length} and {#next} are also
-      # enciphered.
-      # @param [String] str
-      # @return [self]
-      def read(str)
-        return self if str.nil?
-        force_binary str
-        self[:spi].read str[0, 4]
-        self[:sn].read str[4, 4]
-        self[:body].read str[8...-@icv_length - 2]
-        self[:tfc].read ''
-        self[:padding].read ''
-        self[:pad_length].read str[-@icv_length - 2, 1]
-        self[:next].read str[-@icv_length - 1, 1]
-        self[:icv].read str[-@icv_length, @icv_length] if @icv_length
-        self
-      end
-      # Encrypt in-place ESP payload and trailer.
-      #
-      # This method removes all data from +tfc+ and +padding+ fields, as their
-      # enciphered values are concatenated into +body+.
-      #
-      # It also removes headers under ESP from packet, as they are enciphered in
-      # ESP body, and then are no more accessible.
-      # @param [OpenSSL::Cipher] cipher keyed cipher.
-      #   This cipher is confidentiality-only one, or AEAD one. To use a second
-      #   cipher to add integrity, use +:intmode+ option.
-      # @param [String] iv full IV for encryption
-      #  * CTR and GCM modes: +iv+ is 8-bytes long.
-      # @param [Hash] options
-      # @option options [String] :salt salt value for CTR and GCM modes
-      # @option options [Boolean] :tfc
-      # @option options [Fixnum] :tfc_size ESP body size used for TFC
-      #   (default 1444, max size for a tunneled IPv4/ESP packet).
-      #   This is the maximum size for ESP packet (without IP header
-      #   nor Eth one).
-      # @option options [Fixnum] :esn 32 high-orber bits of ESN
-      # @option options [Fixnum] :pad_length set a padding length
-      # @option options [String] :padding set a padding. No check with
-      #   +:pad_length+ is made. If +:pad_length+ is not set, +:padding+
-      #   length is shortened to correct padding length
-      # @option options [OpenSSL::HMAC] :intmode integrity mode to use with a
-      #   confidentiality-only cipher. Only HMAC are supported.
-      # @return [self]
-      def encrypt!(cipher, iv, options={})
-        opt = { salt: '', tfc_size: 1444 }.merge(options)
-        set_crypto cipher, opt[:intmode]
-        real_iv = force_binary(opt[:salt]) + force_binary(iv)
-        real_iv += [1].pack('N') if confidentiality_mode == 'ctr'
-        cipher.iv = real_iv
-        authenticate_esp_header_if_needed options, iv
-        case confidentiality_mode
-        when 'cbc'
-          cipher_len = self.body.sz + 2
-          self.pad_length = (16 - (cipher_len % 16)) % 16
-        else
-          mod4 = to_s.size % 4
-          self.pad_length = 4 - mod4 if mod4 > 0
-        end
-        if opt[:pad_length]
-          self.pad_length = opt[:pad_length]
-          padding = force_binary(opt[:padding] || (1..self.pad_length).to_a.pack('C*'))
-          self[:padding].read padding
-        else
-          padding = force_binary(opt[:padding] || (1..self.pad_length).to_a.pack('C*'))
-          self[:padding].read padding[0...self.pad_length]
-        end
-        tfc = ''
-        if opt[:tfc]
-          tfc_size = opt[:tfc_size] - body.sz
-          if tfc_size > 0
-            tfc_size = case confidentiality_mode
-                       when 'cbc'
-                         (tfc_size / 16) * 16
-                       else
-                         (tfc_size / 4) * 4
-                       end
-            tfc = force_binary("\0" * tfc_size)
-          end
-        end
-        msg = self.body.to_s + tfc
-        msg += self[:padding].to_s + self[:pad_length].to_s + self[:next].to_s
-        enc_msg = encipher(msg)
-        # as padding is used to pad for CBC mode, this is unused
-        cipher.final
-        self[:body] = Types::String.new.read(iv) << enc_msg[0..-3]
-        self[:pad_length].read enc_msg[-2]
-        self[:next].read enc_msg[-1]
-        # reset padding field as it has no sense in encrypted ESP
-        self[:padding].read ''
-        set_esp_icv_if_needed
-        # Remove enciphered headers from packet
-        id = header_id(self)
-        if id < packet.headers.size - 1
-          (packet.headers.size - 1).downto(id + 1) do |index|
-            packet.headers.delete_at index
-          end
-        end
-        self
-      end
-      # Decrypt in-place ESP payload and trailer.
-      # @param [OpenSSL::Cipher] cipher keyed cipher
-      #   This cipher is confidentiality-only one, or AEAD one. To use a second
-      #   cipher to add integrity, use +:intmode+ option.
-      # @param [Hash] options
-      # @option options [Boolean] :parse parse deciphered payload to retrieve
-      #   headers (default: +true+)
-      # @option options [Fixnum] :icv_length ICV length for captured packets,
-      #   or read from PCapNG files
-      # @option options [String] :salt salt value for CTR and GCM modes
-      # @option options [Fixnum] :esn 32 high-orber bits of ESN
-      # @option options [OpenSSL::HMAC] :intmode integrity mode to use with a
-      #   confidentiality-only cipher. Only HMAC are supported.
-      # @return [Boolean] +true+ if ESP packet is authenticated
-      def decrypt!(cipher, options={})
-        opt = { salt: '', parse: true }.merge(options)
-        set_crypto cipher, opt[:intmode]
-        case confidentiality_mode
-        when 'gcm'
-          iv = self.body.slice!(0, 8)
-          real_iv = opt[:salt] + iv
-        when 'cbc'
-          cipher.padding = 0
-          real_iv = iv = self.body.slice!(0, 16)
-        when 'ctr'
-          iv = self.body.slice!(0, 8)
-          real_iv = opt[:salt] + iv + [1].pack('N')
-        else
-          real_iv = iv = self.body.slice!(0, 16)
-        end
-        cipher.iv = real_iv
-        if authenticated? && (@icv_length.zero? || opt[:icv_length])
-          raise ParseError, 'unknown ICV size' unless opt[:icv_length]
-          @icv_length = opt[:icv_length].to_i
-          # reread ESP to handle new ICV size
-          msg = self.body.to_s + self[:pad_length].to_s
-          msg += self[:next].to_s
-          self[:icv].read msg.slice!(-@icv_length, @icv_length)
-          self[:body].read msg[0..-3]
-          self[:pad_length].read msg[-2]
-          self[:next].read msg[-1]
-        end
-        authenticate_esp_header_if_needed options, iv, self[:icv]
-        private_decrypt opt
-      end
-      private
-      def get_auth_data(opt)
-        ad = self[:spi].to_s
-        if opt[:esn]
-          @esn = Types::Int32.new(opt[:esn])
-          ad << @esn.to_s if @conf.authenticated?
-        end
-        ad << self[:sn].to_s
-      end
-      def authenticate_esp_header_if_needed(opt, iv, icv=nil)
-        if @conf.authenticated?
-          @conf.auth_tag = icv if icv
-          @conf.auth_data = get_auth_data(opt)
-        elsif @intg
-          @intg.reset
-          @intg.update get_auth_data(opt)
-          @intg.update iv
-          @icv = icv
-        else
-          @icv = nil
-        end
-      end
-      def set_esp_icv_if_needed
-        return unless authenticated?
-        if @conf.authenticated?
-          self[:icv].read @conf.auth_tag[0, @icv_length]
-        else
-          self[:icv].read @intg.digest[0, @icv_length]
-        end
-      end
-      def private_decrypt(options)
-        # decrypt
-        msg = self.body.to_s
-        msg += self[:padding].to_s + self[:pad_length].to_s + self[:next].to_s
-        plain_msg = decipher(msg)
-        # check authentication tag
-        if authenticated?
-          return false unless authenticate!
-        end
-        # Set ESP fields
-        self[:body].read plain_msg[0..-3]
-        self[:pad_length].read plain_msg[-2]
-        self[:next].read plain_msg[-1]
-        # Set padding
-        if self.pad_length > 0
-          len = self.pad_length
-          self[:padding].read self.body.slice!(-len, len)
-        end
-        # Set TFC padding
-        encap_length = 0
-        pkt = nil
-        case self.next
-        when 4   # IPv4
-          pkt = Packet.parse(body, first_header: 'IP')
-          encap_length = pkt.ip.length
-        when 41  # IPv6
-          pkt = Packet.parse(body, first_header: 'IPv6')
-          encap_length = pkt.ipv6.length + pkt.ipv6.sz
-        when ICMP::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'ICMP')
-          # no size field. cannot recover TFC padding
-          encap_length = body.sz
-        when UDP::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'UDP')
-          encap_length = pkt.udp.length
-        when TCP::IP_PROTOCOL
-          # No length in TCP header, so TFC may not be used.
-          # Or underlayer protocol should have a size information...
-          pkt = Packet.parse(body, first_header: 'TCP')
-          encap_length = pkt.sz
-        when ICMPv6::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'ICMPv6')
-          # no size field. cannot recover TFC padding
-          encap_length = body.sz
-        else
-          # Unmanaged encapsulated protocol
-          encap_length = body.sz
-        end
-        if encap_length < body.sz
-          tfc_len = body.sz - encap_length
-          self[:tfc].read self.body.slice!(encap_length, tfc_len)
-        end
-        if options[:parse]
-          packet.encapsulate pkt unless pkt.nil?
-        end
-        true
-      end
-    end
-    self.add_class ESP
-    IP.bind ESP, protocol: ESP::IP_PROTOCOL
-    IPv6.bind ESP, next: ESP::IP_PROTOCOL
-    UDP.bind ESP, procs: [->(f) { f.dport = f.sport = ESP::UDP_PORT },
-                          ->(f) { (f.dport == ESP::UDP_PORT ||
-                                     f.sport == ESP::UDP_PORT) &&
-                                   Types::Int32.new.read(f.body[0..3]).to_i > 0 }]
-    ESP.bind IP, next: 4
-    ESP.bind IPv6, next: 41
-    ESP.bind TCP, next: TCP::IP_PROTOCOL
-    ESP.bind UDP, next: TCP::IP_PROTOCOL
-    ESP.bind ICMP, next: ICMP::IP_PROTOCOL
-    ESP.bind ICMPv6, next: ICMPv6::IP_PROTOCOL
-  end
-end